from ubuntu 7.10

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21994 ec53bebd-3082-4978-b11e-865c3cabbd6b

packages/debian/extras/default

@@ -0,0 +1,17 @@
+# Do we start the KDC?
+KDC_ENABLED=yes
+KDC_PARAMS=""
+
+# the kpasswdd?
+KPASSWDD_ENABLED=yes
+KPASSWDD_PARAMS=""
+
+# kprop master?
+MASTER_ENABLED=no
+
+# How about the kprop slave?
+SLAVE_ENABLED=no
+
+# Add at least your master server name here when using iprop-replication
+# otherwise it would fail silently.
+SLAVE_PARAMS=""

packages/debian/extras/kadmind.acl

@@ -0,0 +1 @@
+#principal       [priv1,priv2,...]       [glob-pattern]

packages/debian/extras/kdc.conf

@@ -0,0 +1,91 @@
+[kdc]
+# See allowed values in krb5_openlog(3) man page.
+logging = FILE:/var/log/heimdal-kdc.log
+
+# detach = boolean
+
+# Gives an upper limit on the size of the requests that the kdc is
+# willing to handle.
+# max-request =  integer
+
+# Turn off the requirement for pre-autentication in the initial AS-
+# REQ for all principals.  The use of pre-authentication makes it
+# more difficult to do offline password attacks.  You might want to
+# turn it off if you have clients that don't support pre-authenti-
+# cation.  Since the version 4 protocol doesn't support any pre-
+# authentication, serving version 4 clients is just about the same
+# as not requiring pre-athentication.  The default is to require
+# pre-authentication.  Adding the require-preauth per principal is
+# a more flexible way of handling this.
+# require-preauth = boolean
+
+# Specifies the set of ports the KDC should listen on.  It is given
+# as a white-space separated list of services or port numbers.
+# ports = 88,750
+
+# The list of addresses to listen for requests on.  By default, the
+# kdc will listen on all the locally configured addresses.  If only
+# a subset is desired, or the automatic detection fails, this
+# option might be used.
+# addresses = list of ip addresses
+
+# respond to Kerberos 4 requests
+# enable-kerberos4 = false
+
+# respond to Kerberos 4 requests from foreign realms.  This is a
+# known security hole and should not be enabled unless you under-
+# stand the consequences and are willing to live with them.
+# enable-kerberos4-cross-realm = false
+
+# respond to 524 requests
+# enable-524 = value of enable-kerberos4
+
+# Makes the kdc listen on port 80 and handle requests encapsulated
+# in HTTP.
+# enable-http = boolean
+
+# What realm this server should act as when dealing with version 4
+# requests.  The database can contain any number of realms, but
+# since the version 4 protocol doesn't contain a realm for the
+# server, it must be explicitly specified.  The default is whatever
+# is returned by krb_get_lrealm().  This option is only availabe if
+# the KDC has been compiled with version 4 support.
+# v4-realm = string
+
+# Enable kaserver emulation (in case it's compiled in).
+# enable-kaserver = false
+
+# Check the addresses in the ticket when processing TGS requests.
+# check-ticket-addresses = true
+
+# Permit tickets with no addresses.  This option is only
+# relevent when check-ticket-addresses is TRUE.
+# allow-null-ticket-addresses = true
+
+# Permit anonymous tickets with no addresses.
+# allow-anonymous = boolean
+
+# Always verify the transited policy, ignoring the
+# disable-transited-check flag if set in the KDC client request.
+# transited-policy = {always-check,allow-per-principal,always-honour-request}
+
+# Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE
+# code. The Heimdal clients allow both.
+# encode_as_rep_as_tgs_rep = boolean
+
+# How long before password/principal expiration the KDC should
+# start sending out warning messages.
+# kdc_warn_pwexpire = time
+
+# Specifies the set of ports the KDC should listen on.  It is given
+# as a white-space separated list of services or port numbers.
+# kdc_ports = 88,750
+
+# [password_quality]
+# check_library = LIBRARY
+# check_function = FUNCTION
+# min_length = value
+
+# [kadmin]
+# default_keys = list of strings
+# use_v4_salt = boolean